From 64056add0dc77f50a8a22068e62bdff0b99e25d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 26 May 2026 11:12:39 +0200 Subject: [PATCH] build: add passthrough mode to kata-deploy-merge-builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit kata-deploy now unpacks individual component tarballs itself, so the final `kata-static.tar.zst` no longer needs to be a merged filesystem payload. Merging everything has two downsides for that flow: - It pulls in everything kept on disk under build/, which previously forced us to also drop agent/busybox/coco-guest-components/nydus from the build set to keep them out of the final tarball. - The merged tarball duplicates content kata-deploy will repack on its own anyway. Add a `passthrough` mode to kata-deploy-merge-builds.sh that, instead of untarring each `kata-static-*.tar.zst` into a single filesystem tree, copies the selected component tarballs into the final tarball as-is. The existing `merge` mode remains the default to preserve the non-kata-deploy install paths (e.g. `make install-tarball`). Wire `nvgpu-tarball` to the new mode via `FINAL_TARBALL_MERGE_MODE= passthrough`, paired with the existing `FINAL_TARBALL_INPUTS` allowlist. This lets us keep agent/busybox/coco as build prereqs of the GPU rootfs while shipping a final tarball that only contains the NVIDIA-relevant components. Signed-off-by: Fabiano FidĂȘncio --- .../kata-deploy/local-build/Makefile | 6 ++- .../local-build/kata-deploy-merge-builds.sh | 40 ++++++++++++------- 2 files changed, 30 insertions(+), 16 deletions(-) diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile index 3b90a34697..39eb7e001e 100644 --- a/tools/packaging/kata-deploy/local-build/Makefile +++ b/tools/packaging/kata-deploy/local-build/Makefile @@ -118,6 +118,7 @@ nvgpu-tarball: BASE_TARBALLS="$(NVGPU_BASE_TARBALLS)" \ BASE_SERIAL_TARBALLS="rootfs-image-nvidia-gpu-tarball rootfs-image-nvidia-gpu-confidential-tarball" \ FINAL_TARBALL_INPUTS="$(NVGPU_FINAL_TARBALL_INPUTS)" \ + FINAL_TARBALL_MERGE_MODE=passthrough \ DEPS= else nvgpu-tarball: @@ -304,12 +305,15 @@ kata-deploy-binary-tarball: nydus-snapshotter-for-coco-guest-pull-tarball: $(call BUILD_KATA_DEPLOY_COMPONENT,nydus-snapshotter-for-coco-guest-pull) +FINAL_TARBALL_MERGE_MODE ?= merge + merge-builds: $(MK_DIR)/kata-deploy-merge-builds.sh \ build \ "$(MK_DIR)/../../../../versions.yaml" \ kata-static.tar.zst \ - "$(FINAL_TARBALL_INPUTS)" + "$(FINAL_TARBALL_INPUTS)" \ + "$(FINAL_TARBALL_MERGE_MODE)" .PHONY: install-prebuilt-artifacts install-prebuilt-artifacts: diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh index 6ea03ddc5a..cd095ee846 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh @@ -17,6 +17,7 @@ kata_build_dir=${1:-build} kata_versions_yaml_file=${2:-""} output_tarball_name=${3:-kata-static.tar.zst} known_tarballs=${4:-""} +merge_mode=${5:-merge} tar_path=$(readlink -f "${output_tarball_name}") if [[ -n "${kata_versions_yaml_file}" ]]; then @@ -45,26 +46,35 @@ for c in ${known_tarballs:-kata-static-*.tar.zst}; do echo "skipping missing tarball \"${c}\"" continue fi - echo "untarring tarball \"${c}\" into ${tarball_content_dir}" - tar --zstd -xvf "${c}" -C "${tarball_content_dir}" + if [[ "${merge_mode}" == "passthrough" ]]; then + echo "copying tarball \"${c}\" into ${tarball_content_dir}" + cp "${c}" "${tarball_content_dir}/" + else + echo "untarring tarball \"${c}\" into ${tarball_content_dir}" + tar --zstd -xvf "${c}" -C "${tarball_content_dir}" + fi done pushd "${tarball_content_dir}" - any_binary=$(find . -path "*/opt/kata/bin/*" -type f | head -1) - if [[ -z "${any_binary}" ]]; then - echo "Error: No binaries found in opt/kata/bin/" >&2 - exit 1 - fi - prefix=${any_binary%bin/*} - - if [[ "${RELEASE:-no}" == "yes" ]] && [[ -f "${repo_root_dir}/VERSION" ]]; then - # In this case the tag was not published yet, - # thus we need to rely on the VERSION file. - cp "${repo_root_dir}/VERSION" "${prefix}/" + if [[ "${merge_mode}" == "passthrough" ]]; then + [[ -n "${kata_versions_yaml_file}" ]] && cp "${kata_versions_yaml_file}" . else - git describe --tags > "${prefix}/VERSION" + any_binary=$(find . -path "*/opt/kata/bin/*" -type f | head -1) + if [[ -z "${any_binary}" ]]; then + echo "Error: No binaries found in opt/kata/bin/" >&2 + exit 1 + fi + prefix=${any_binary%bin/*} + + if [[ "${RELEASE:-no}" == "yes" ]] && [[ -f "${repo_root_dir}/VERSION" ]]; then + # In this case the tag was not published yet, + # thus we need to rely on the VERSION file. + cp "${repo_root_dir}/VERSION" "${prefix}/" + else + git describe --tags > "${prefix}/VERSION" + fi + [[ -n "${kata_versions_yaml_file}" ]] && cp "${kata_versions_yaml_file}" "${prefix}/" fi - [[ -n "${kata_versions_yaml_file}" ]] && cp "${kata_versions_yaml_file}" "${prefix}/" popd echo "create ${tar_path}"